Build and Push Docker and Singularity Images #18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Push Docker and Singularity Images | |
| on: | |
| release: | |
| types: [created] | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: 'Tag for the release' | |
| required: false | |
| default: '' | |
| jobs: | |
| build-and-deploy: | |
| runs-on: ubuntu-latest | |
| env: | |
| DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} | |
| SINGULARITY_LIBRARY_TOKEN: ${{ secrets.SINGULARITY_LIBRARY_TOKEN }} | |
| SIGNING_PRIVATE_KEY_BASE64: ${{ secrets.SIGNING_PRIVATE_KEY_BASE64 }} | |
| SIGNING_PUBLIC_KEY_BASE64: ${{ secrets.SIGNING_PUBLIC_KEY_BASE64 }} | |
| SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }} | |
| DOCKER_IMAGE_NAME: opaino/genopred_pipeline | |
| SINGULARITY_IMAGE_NAME: library://opain/genopred | |
| IMAGE_TAG: ${{ github.ref_name }} | |
| DOCKERFILE_PATH: pipeline/misc/docker/Dockerfile | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Export Secrets to Environment | |
| run: | | |
| echo "SINGULARITY_LIBRARY_TOKEN=${{ secrets.SINGULARITY_LIBRARY_TOKEN }}" >> $GITHUB_ENV | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin | |
| - name: Set Tag | |
| id: set_tag | |
| run: | | |
| if [ "${{ github.event_name }}" == "release" ]; then | |
| echo "::set-output name=tag::${{ github.event.release.tag_name }}" | |
| else | |
| echo "::set-output name=tag::${{ github.event.inputs.tag || github.sha }}" | |
| fi | |
| # - name: Set up Docker Buildx | |
| # run: | | |
| # docker buildx build --platform linux/amd64 -f $DOCKERFILE_PATH -t $DOCKER_IMAGE_NAME:latest -t $DOCKER_IMAGE_NAME:${{ steps.set_tag.outputs.tag }} --push . | |
| # | |
| - name: Setup Apptainer | |
| uses: eWaterCycle/[email protected] | |
| # - name: Convert Docker Image to Singularity SIF | |
| # run: | | |
| # apptainer pull ${GITHUB_WORKSPACE}/image.sif docker://${DOCKER_IMAGE_NAME}:latest | |
| # | |
| - name: Install expect | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y expect | |
| - name: Decode and Import Signing Keys | |
| run: | | |
| echo "${{ secrets.SIGNING_PRIVATE_KEY_BASE64 }}" | base64 --decode > private.key | |
| echo "${{ secrets.SIGNING_PUBLIC_KEY_BASE64 }}" | base64 --decode > public.key | |
| expect -c ' | |
| spawn apptainer key import private.key | |
| expect "Enter your key passphrase : " | |
| send -- "${{ secrets.SIGNING_KEY_PASSWORD }}\r" | |
| expect eof | |
| ' | |
| expect -c ' | |
| spawn apptainer key import public.key | |
| expect "Enter your key passphrase : " | |
| send -- "${{ secrets.SIGNING_KEY_PASSWORD }}\r" | |
| expect eof | |
| ' | |
| - name: Sign the Singularity Image | |
| run: | | |
| apptainer sign ${GITHUB_WORKSPACE}/image.sif | |
| - name: Create Token File | |
| run: echo "${{ secrets.SINGULARITY_LIBRARY_TOKEN }}" > ${GITHUB_WORKSPACE}/tokenfile | |
| - name: Login to Singularity Library | |
| run: apptainer remote login --tokenfile ${GITHUB_WORKSPACE}/tokenfile | |
| - name: Push Singularity Image to Singularity Library | |
| run: | | |
| apptainer push ${GITHUB_WORKSPACE}/image.sif $SINGULARITY_IMAGE_NAME:latest | |
| apptainer push ${GITHUB_WORKSPACE}/image.sif $SINGULARITY_IMAGE_NAME:${{ steps.set_tag.outputs.tag }} | |
| - name: Setup tmate session | |
| if: ${{ failure() }} | |
| uses: mxschmitt/action-tmate@v3 | |
| timeout-minutes: 15 |